Last Updated on August 1, 2021 by Admin 1
The following access lists are applied to an interface connecting two OSPF routers:
What is the result?
- the DR on the link will begin updating
- the OSPF adjacency will go down
- the last deny statement will fail to log traffic
- the list will only permit IPv6 neighbor advertisements
If this list is applied to the interface connecting two OSPF routers, the OSPF adjacency would go down. The deny ip any any log statement will deny the IPv6 link local addresses, which are used for the neighbor discovery process and by OSPF routers to establish neighbor adjacencies when directly connected.
By default, IPv6 access lists have a deny all at the end that does NOT include those addresses. However, when you set an explicit deny all as shown in the scenario, you will block all traffic that is not specified by an earlier statement in the list.
The DR on the link, if present, will not begin updating because the adjacency will fail. It will then have no neighbor to update.
The last deny statement in the scenario will log any traffic it blocks, as indicated by the inclusion of the log keyword.
The list will NOT permit neighbor advertisements. These are always done in terms of link local addresses, which the explicit deny ip any any log statement at the end will block.
Configure and verify router security features